﻿using System;
using System.Collections.Generic;
using System.Text;
using System.Drawing;
using System.Web;
using System.Text.RegularExpressions;
using System.Globalization;

namespace VCommons
{
    /// <summary>
    /// 字符处理类
    /// </summary>
    public static class StringHandle
    {

        /// <summary>
        /// 转全角的函数(SBC case)
        /// 任意字符串
        /// 全角字符串
        ///全角空格为12288，半角空格为32
        ///其他字符半角(33-126)与全角(65281-65374)的对应关系是：均相差65248   
        /// </summary>
        /// <param name="input">任意字符串</param>
        /// <returns>全角字符串</returns>
        public static string ToSBC(this string input)
        {
            //半角转全角：
            char[] c = input.ToCharArray();
            for (int i = 0; i < c.Length; i++)
            {
                if (c[i] == 32)
                {
                    c[i] = (char)12288;
                    continue;
                }
                if (c[i] < 127)
                    c[i] = (char)(c[i] + 65248);
            }
            return new string(c);
        }


        /// <summary>
        /// 转半角的函数(DBC case)
        /// 任意字符串
        /// 半角字符串
        ///全角空格为12288，半角空格为32
        ///其他字符半角(33-126)与全角(65281-65374)的对应关系是：均相差65248
        /// </summary>
        /// <param name="input">任意字符串</param>
        /// <returns>半角字符串</returns>
        public static string ToDBC(this string input)
        {
            //全角转半角
            char[] c = input.ToCharArray();
            for (int i = 0; i < c.Length; i++)
            {
                if (c[i] == 12288)
                {
                    c[i] = (char)32;
                    continue;
                }
                if (c[i] > 65280 && c[i] < 65375)
                    c[i] = (char)(c[i] - 65248);
            }
            return new string(c);
        }


        /// <summary>
        /// 取字符串中的非数字字符
        /// </summary>
        /// <param name="str">字符串</param>
        /// <returns></returns>
        public static string ReturnStr(this string str)
        {
            string ret = "";
            for (int i = 0; i < str.Length; i++)
            {
                string tmp = str.Substring(i, 1);
                if (!TypeParse.IsNumeric(tmp))
                {
                    ret = ret + tmp;
                }
            }
            return ret;
        }

        /// <summary>
        /// 四舍五入方法
        /// </summary>
        /// <param name="Value">需要四舍五入的值</param>
        /// <param name="Digits">需要精确的位数，整数位为正，小数位为负。例：精确到小数第二位就是-2。精确到整数第二位就是2</param>
        /// <returns>四舍五入后的值</returns>
        public static double MathRound(this double Value, int Digits)
        {
            double d = Convert.ToDouble(Value);
            if (Digits > 0)
                d = d / Math.Pow(10, Digits);
            string fractionString = "";   //小数部分字符串
            //取得小数点的位置，将字符串分为整数部分和小数部分，没有小数部分就为空。
            int dotPosition = d.ToString().IndexOf(".");
            if (dotPosition != -1)
                fractionString = d.ToString().Substring(dotPosition + 1);
            if (fractionString.Length <= -Digits + 1)
                d += Math.Pow(10, Digits - 2);
            if (Digits <= 0)
                return Math.Round(d, -Digits);
            else
                return Math.Round(d, 0) * Math.Pow(10, Digits);
        }

        /// <summary>
        /// 将字符串转换为Color
        /// </summary>
        /// <param name="color"></param>
        /// <returns></returns>
        public static Color ToColor(this string color)
        {
            int red, green, blue = 0;
            char[] rgb;
            color = color.TrimStart('#');
            color = Regex.Replace(color.ToLower(), "[g-zG-Z]", "");
            switch (color.Length)
            {
                case 3:
                    rgb = color.ToCharArray();
                    red = Convert.ToInt32(rgb[0].ToString() + rgb[0].ToString(), 16);
                    green = Convert.ToInt32(rgb[1].ToString() + rgb[1].ToString(), 16);
                    blue = Convert.ToInt32(rgb[2].ToString() + rgb[2].ToString(), 16);
                    return Color.FromArgb(red, green, blue);
                case 6:
                    rgb = color.ToCharArray();
                    red = Convert.ToInt32(rgb[0].ToString() + rgb[1].ToString(), 16);
                    green = Convert.ToInt32(rgb[2].ToString() + rgb[3].ToString(), 16);
                    blue = Convert.ToInt32(rgb[4].ToString() + rgb[5].ToString(), 16);
                    return Color.FromArgb(red, green, blue);
                default:
                    return Color.FromName(color);

            }
        }

        /// <summary>
        /// 判断字符串是否是yy-mm-dd字符串
        /// </summary>
        /// <param name="str">待判断字符串</param>
        /// <returns>判断结果</returns>
        public static bool IsDateString(this string str)
        {
            return Regex.IsMatch(str, @"(\d{4})-(\d{1,2})-(\d{1,2})");
        }

        /// <summary>
        /// 移除Html标记
        /// </summary>
        /// <param name="content">要移除html的源字符串</param>
        /// <returns>移除html的字符串</returns>
        public static string RemoveHtml(this string content)
        {
            string regexstr = @"<[^>]*>";
            return Regex.Replace(content, regexstr, string.Empty, RegexOptions.IgnoreCase);
        }

        /// <summary>
        /// 过滤HTML中的不安全标签
        /// </summary>
        /// <param name="content">要过滤的源字符串</param>
        /// <returns>过滤过的字符串</returns>
        public static string RemoveUnsafeHtml(this string content)
        {
            content = Regex.Replace(content, @"(\<|\s+)o([a-z]+\s?=)", "$1$2", RegexOptions.IgnoreCase);
            content = Regex.Replace(content, @"(script|frame|form|meta|behavior|style)([\s|:|>])+", "$1.$2", RegexOptions.IgnoreCase);
            return content;
        }

        /// <summary>
        /// 检测是否有Sql危险字符
        /// </summary>
        /// <param name="str">要判断字符串</param>
        /// <returns>判断结果</returns>
        public static bool IsSafeSqlString(this string str)
        {
            return !Regex.IsMatch(str, @"[-|;|,|\/|\(|\)|\[|\]|\}|\{|%|@|\*|!|\']");
        }

        /// <summary>
        /// 检测是否有危险的可能用于链接的字符串
        /// </summary>
        /// <param name="str">要判断字符串</param>
        /// <returns>判断结果</returns>
        public static bool IsSafeUserInfoString(this string str)
        {
            return !Regex.IsMatch(str, @"^\s*$|^c:\\con\\con$|[%,\*" + "\"" + @"\s\t\<\>\&]|游客|^Guest");
        }

        /// <summary>
        /// 取得系统路径
        /// </summary>
        public static string AppPath
        {
            get
            {
                string args = null;
                try
                {
                    args = System.Web.HttpContext.Current.Request.PhysicalApplicationPath;
                }
                catch (Exception) { ;}
                if (String.IsNullOrEmpty(args)) args = System.Environment.CurrentDirectory;
                return args;
            }
        }

        /// <summary>
        /// 获取面源网面的地址
        /// </summary>
        /// <returns></returns>
        public static string GetFurl()
        {
            string ret = string.Empty;
            string[] url = HttpContext.Current.Request.ServerVariables["URL"].Split('/');
            if (HttpContext.Current.Request.ServerVariables["QUERY_STRING"] == "")
            {
                ret = url[url.Length - 1];
            }
            else
            {
                ret = url[url.Length - 1] + "?" + HttpContext.Current.Request.ServerVariables["QUERY_STRING"];
            }

            return ret;
        }

        /// <summary>
        /// 获取域加虚拟路径
        /// </summary>  
        /// <returns></returns>
        public static string GetAppPath()
        {
            return "http://" + HttpContext.Current.Request.Url.Authority + HttpContext.Current.Request.ApplicationPath;
        }

        /// <summary>
        /// 功能:对表 表单内容进行转换HTML操作,
        /// </summary>
        /// <param name="s">html字符串</param>
        /// <returns></returns>
        public static string HtmlCode(this string s)
        {
            string str = "";
            str = s.Replace(">", "&gt;");
            str = s.Replace("<", "&lt;");
            str = s.Replace(" ", "&nbsp;");
            str = s.Replace("\n", "<br />");
            str = s.Replace("\r", "<br />");
            str = s.Replace("\r\n", "<br />");

            return str;
        }

        /// <summary>
        /// 功能:对表 表单内容进行转换HTML操作,
        /// </summary>
        /// <param name="s"></param>
        /// <returns></returns>
        public static string CodeHtml(this string s)
        {
            string str = "";
            str = s.Replace("&gt;", ">");
            str = s.Replace("&lt;", "<");
            str = s.Replace("&nbsp;", " ");
            str = s.Replace("<br />", "\n");
            str = s.Replace("<br />", "\r");
            str = s.Replace("<br />", "\r\n");

            return str;
        }

        /// <summary>     
        /// 过滤xss攻击脚本     
        /// </summary>     
        /// <param name="input">传入字符串</param>     
        /// <returns>过滤后的字符串</returns>     
        public static string FilterXSS(this string html)
        {
            if (string.IsNullOrEmpty(html)) return string.Empty;

            // CR(0a) ，LF(0b) ，TAB(9) 除外，过滤掉所有的不打印出来字符.     
            // 目的防止这样形式的入侵 ＜java\0script＞     
            // 注意：\n, \r,  \t 可能需要单独处理，因为可能会要用到     
            string ret = System.Text.RegularExpressions.Regex.Replace(
                html, "([\x00-\x08][\x0b-\x0c][\x0e-\x20])", string.Empty);

            ret = ret.Replace("\t", "");  //(补充，过滤TAB空格，那也是危险的XSS字符)

            //替换所有可能的16和10进制构建的恶意代码     
            //<IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&_#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29>            
            ret = System.Text.RegularExpressions.Regex.Replace(ret, @"(&#[x|X]?\d+);?", "", System.Text.RegularExpressions.RegexOptions.IgnoreCase);

            //过滤Javascript事件触发的恶意代码   
            string[] keywords = {
                                    "javascript", "vbscript", "expression", "applet", "meta", 
                                    "xml", "blink", "script", "embed", "object", 
                                    "iframe", "frame", "frameset", "ilayer", "layer", "bgsound", "title", "base",   
                                    "onabort", "onactivate", "onafterprint", "onafterupdate", "onbeforeactivate", 
                                    "onbeforecopy", "onbeforecut", "onbeforedeactivate", "onbeforeeditfocus", "onbeforepaste", 
                                    "onbeforeprint", "onbeforeunload", "onbeforeupdate", "onblur", "onbounce", "oncellchange", 
                                    "onchange", "onclick", "oncontextmenu", "oncontrolselect", "oncopy", "oncut", "ondataavailable", 
                                    "ondatasetchanged", "ondatasetcomplete", "ondblclick", "ondeactivate", "ondrag", "ondragend",
                                    "ondragenter", "ondragleave", "ondragover", "ondragstart", "ondrop", "onerror", "onerrorupdate", 
                                    "onfilterchange", "onfinish", "onfocus", "onfocusin", "onfocusout", "onhelp", "onkeydown", 
                                    "onkeypress", "onkeyup", "onlayoutcomplete", "onload", "onlosecapture", "onmousedown", 
                                    "onmouseenter", "onmouseleave", "onmousemove", "onmouseout", "onmouseover", "onmouseup", 
                                    "onmousewheel", "onmove", "onmoveend", "onmovestart", "onpaste", "onpropertychange", 
                                    "onreadystatechange", "onreset", "onresize", "onresizeend", "onresizestart", 
                                    "onrowenter", "onrowexit", "onrowsdelete", "onrowsinserted", "onscroll", "onselect", 
                                    "onselectionchange", "onselectstart", "onstart", "onstop", "onsubmit", "onunload"};

            bool found = true;
            while (found)
            {
                var retBefore = ret;
                for (int i = 0; i < keywords.Length; i++)
                {
                    //string pattern = "/"; (补允, 正则前台加/过滤不到)
                    string pattern = "";
                    for (int j = 0; j < keywords[i].Length; j++)
                    {
                        if (j > 0)
                            pattern = string.Concat(pattern, '(', "(&#[x|X]0{0,8}([9][a][b]);?)?", "|(&#0{0,8}([9][10][13]);?)?",
                                ")?");
                        pattern = string.Concat(pattern, keywords[i][j]);
                    }
                    string replacement = string.Concat(keywords[i].Substring(0, 2), "＜x＞", keywords[i].Substring(2));
                    ret = System.Text.RegularExpressions.Regex.Replace(ret, pattern, replacement, System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                    if (ret == retBefore)
                        found = false;
                }

            }

            return ret;
        }

        /// <summary>
        /// 对source，按照“＃”进行分割，获取第num个字符串的值
        /// </summary>
        /// <param name="source">源字符串</param>       
        /// <param name="num">获取第num个字符串</param>
        /// <returns>第num个字符串的值</returns>
        public static string GetSplitString(this string source, int num)
        {
            return GetSplitString(source, "#", num);
        }

        /// <summary>
        /// 对source，按照指定的split进行分割，获取第num个字符串的值
        /// </summary>
        /// <param name="source">源字符串</param>
        /// <param name="split">分隔符</param>
        /// <param name="num">获取第num个字符串</param>
        /// <returns>第num个字符串的值</returns>
        public static string GetSplitString(this string source, string split, int num)
        {
            try
            {
                string[] strs = source.Split(new string[] { split }, StringSplitOptions.RemoveEmptyEntries);
                return strs[num];
            }
            catch
            {
                return "Empty";
            }
        }



        /// <summary>
        /// 获取指定汉字拼音的首字母
        /// </summary>
        /// <param name="source">指定汉字</param>
        /// <returns>指定汉字拼音的首字母</returns>
        public static string GetFirstLetter(this string source)
        {
            int i = 0;
            ushort key = 0;
            string strResult = string.Empty;

            //创建两个不同的encoding对象
            Encoding unicode = Encoding.Unicode;
            //创建GBK码对象
            Encoding gbk = Encoding.GetEncoding(936);
            //将unicode字符串转换为字节
            byte[] unicodeBytes = unicode.GetBytes(source);
            //再转化为GBK码
            byte[] gbkBytes = Encoding.Convert(unicode, gbk, unicodeBytes);
            while (i < gbkBytes.Length)
            {
                //如果为数字\字母\其他ASCII符号
                if (gbkBytes[i] <= 127)
                {
                    strResult = strResult + (char)gbkBytes[i];
                    i++;
                }
                #region 否则生成汉字拼音简码,取拼音首字母
                else
                {

                    key = (ushort)(gbkBytes[i] * 256 + gbkBytes[i + 1]);
                    if (key >= '\uB0A1' && key <= '\uB0C4')
                    {
                        strResult = strResult + "A";
                    }
                    else if (key >= '\uB0C5' && key <= '\uB2C0')
                    {
                        strResult = strResult + "B";
                    }
                    else if (key >= '\uB2C1' && key <= '\uB4ED')
                    {
                        strResult = strResult + "C";
                    }
                    else if (key >= '\uB4EE' && key <= '\uB6E9')
                    {
                        strResult = strResult + "D";
                    }
                    else if (key >= '\uB6EA' && key <= '\uB7A1')
                    {
                        strResult = strResult + "E";
                    }
                    else if (key >= '\uB7A2' && key <= '\uB8C0')
                    {
                        strResult = strResult + "F";
                    }
                    else if (key >= '\uB8C1' && key <= '\uB9FD')
                    {
                        strResult = strResult + "G";
                    }
                    else if (key >= '\uB9FE' && key <= '\uBBF6')
                    {
                        strResult = strResult + "H";
                    }
                    else if (key >= '\uBBF7' && key <= '\uBFA5')
                    {
                        strResult = strResult + "J";
                    }
                    else if (key >= '\uBFA6' && key <= '\uC0AB')
                    {
                        strResult = strResult + "K";
                    }
                    else if (key >= '\uC0AC' && key <= '\uC2E7')
                    {
                        strResult = strResult + "L";
                    }
                    else if (key >= '\uC2E8' && key <= '\uC4C2')
                    {
                        strResult = strResult + "M";
                    }
                    else if (key >= '\uC4C3' && key <= '\uC5B5')
                    {
                        strResult = strResult + "N";
                    }
                    else if (key >= '\uC5B6' && key <= '\uC5BD')
                    {
                        strResult = strResult + "O";
                    }
                    else if (key >= '\uC5BE' && key <= '\uC6D9')
                    {
                        strResult = strResult + "P";
                    }
                    else if (key >= '\uC6DA' && key <= '\uC8BA')
                    {
                        strResult = strResult + "Q";
                    }
                    else if (key >= '\uC8BB' && key <= '\uC8F5')
                    {
                        strResult = strResult + "R";
                    }
                    else if (key >= '\uC8F6' && key <= '\uCBF9')
                    {
                        strResult = strResult + "S";
                    }
                    else if (key >= '\uCBFA' && key <= '\uCDD9')
                    {
                        strResult = strResult + "T";
                    }
                    else if (key >= '\uCDDA' && key <= '\uCEF3')
                    {
                        strResult = strResult + "W";
                    }
                    else if (key >= '\uCEF4' && key <= '\uD188')
                    {
                        strResult = strResult + "X";
                    }
                    else if (key >= '\uD1B9' && key <= '\uD4D0')
                    {
                        strResult = strResult + "Y";
                    }
                    else if (key >= '\uD4D1' && key <= '\uD7F9')
                    {
                        strResult = strResult + "Z";
                    }
                    else
                    {
                        strResult = strResult + "?";
                    }
                    i = i + 2;
                }
                #endregion
            }//end while

            return strResult;
        }



        /// <summary>
        /// 获取指定长度和后缀的字符
        /// </summary>
        /// <param name="text">源字符串</param>
        /// <param name="size">长度</param>
        /// <param name="p_TailString">后缀</param>
        /// <returns></returns>
        public static string GetSubString(this object text, int size, string p_TailString)
        {
            string demo = RemoveHtml(text.ToString());
            if (demo.Length > size)
            {
                return demo.Substring(0, size) + p_TailString;
            }
            else
            {
                return demo;
            }
        }

        /// <summary>
        /// 获取指定长度和后缀的Unicode字符
        /// </summary>
        /// <param name="text">源字符串</param>
        /// <param name="size">长度</param>
        /// <param name="p_TailString">后缀</param>
        /// <returns></returns>
        public static string GetUnicodeSubString(this object text, int size, string p_TailString)
        {
            string result = string.Empty;// 最终返回的结果
            string str = RemoveHtml(Convert.ToString(text));
            int byteLen = System.Text.Encoding.Default.GetByteCount(str);// 单字节字符长度
            int charLen = str.Length;// 把字符平等对待时的字符串长度
            int byteCount = 0;// 记录读取进度
            int pos = 0;// 记录截取位置
            if (byteLen > size)
            {
                for (int i = 0; i < charLen; i++)
                {
                    if (Convert.ToInt32(str.ToCharArray()[i]) > 255)// 按中文字符计算加2
                        byteCount += 2;
                    else// 按英文字符计算加1
                        byteCount += 1;
                    if (byteCount > size)// 超出时只记下上一个有效位置
                    {
                        pos = i;
                        break;
                    }
                    else if (byteCount == size)// 记下当前位置
                    {
                        pos = i + 1;
                        break;
                    }
                }

                if (pos >= 0)
                    result = str.Substring(0, pos) + p_TailString;
            }
            else
                result = str;

            return result;
        }

        /// <summary>
        /// 格式时间
        /// </summary>
        /// <param name="dt">转换的时间</param>
        /// <param name="format">例如 yyyy-MM-dd  HH:mm:ss</param>
        /// <returns></returns>
        public static string FormatDateToString(this DateTime dt, string format)
        {
            try
            {
                if (dt == null)
                {
                    return string.Empty;
                }
                return dt.ToString(format, DateTimeFormatInfo.InvariantInfo);
            }
            catch (Exception)
            {
                return Convert.ToString(dt);
            }

        }

        /// <summary>
        /// 过滤一切不安全的搜索字符,但保留一些符号
        /// </summary>
        /// <param name="txtKey"></param>
        /// <returns></returns>
        public static string SafeLeach(this string txtKey)
        {
            string newString = txtKey.Trim();
            newString = newString.Replace("'", "’");
            newString = newString.Replace("\"", "“");
            newString = newString.Replace("@", "");
            newString = newString.Replace("&", "");
            newString = newString.Replace("$", "");
            newString = newString.Replace("%", "");
            newString = newString.Replace("(", "");
            newString = newString.Replace(")", "");
            newString = newString.Replace("-", "");
            newString = newString.Replace("[", "");
            newString = newString.Replace("]", "");
            newString = newString.Replace(";", "；");
            newString = newString.Replace("<", "&lt");//<和>必须排在最后
            newString = newString.Replace(">", "&gt");
            return newString;
        }

        /// <summary>
        /// 过滤一切不安全的字符,主要用于与数据库交互
        /// </summary>
        /// <param name="txtKey"></param>
        /// <returns></returns>
        public static string AllLeach(this string txtKey)
        {
            string newString = txtKey.Trim();
            newString = newString.Replace("'", "’");
            newString = newString.Replace("\"", "“");
            newString = newString.Replace("@", "");
            newString = newString.Replace("&", "");
            newString = newString.Replace("$", "");
            newString = newString.Replace("%", "");
            newString = newString.Replace("(", "");
            newString = newString.Replace(")", "");
            newString = newString.Replace("-", "");
            newString = newString.Replace("[", "");
            newString = newString.Replace("]", "");
            newString = newString.Replace(";", "；");
            newString = newString.Replace("<", "");
            newString = newString.Replace(">", "");
            return newString;
        }


        public static string ClearHtml(this string strHtml)
        {
            if (strHtml != "")
            {
                Regex r = null;
                Match m = null;

                r = new Regex(@"<\/?[^>]*>", RegexOptions.IgnoreCase);
                for (m = r.Match(strHtml); m.Success; m = m.NextMatch())
                {
                    strHtml = strHtml.Replace(m.Groups[0].ToString(), "");
                }
            }
            return NoHTML(strHtml);
        }
        /// <summary>
        /// 过滤标记
        /// </summary>
        /// <param name="NoHTML">包括HTML，脚本，数据库关键字，特殊字符的源码</param>
        /// <returns>已经去除标记后的文字</returns>
        public static string NoHTML(this string Htmlstring)
        {
            if (Htmlstring == null)
            {
                return "";
            }
            else
            {
                //删除脚本
                Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
                //删除HTML
                Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);

                Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);

                //删除与数据库相关的词
                Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "net user", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "or", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "net", "", RegexOptions.IgnoreCase);
                //Htmlstring =  Regex.Replace(Htmlstring,"*", "", RegexOptions.IgnoreCase);
                //Htmlstring =  Regex.Replace(Htmlstring,"-", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "delete", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "drop", "", RegexOptions.IgnoreCase);
                Htmlstring = Regex.Replace(Htmlstring, "script", "", RegexOptions.IgnoreCase);

                //特殊的字符
                Htmlstring = Htmlstring.Replace("<", "");
                Htmlstring = Htmlstring.Replace(">", "");
                Htmlstring = Htmlstring.Replace("*", "");
                Htmlstring = Htmlstring.Replace("-", "");
                Htmlstring = Htmlstring.Replace("?", "");
                Htmlstring = Htmlstring.Replace(",", "");
                Htmlstring = Htmlstring.Replace("/", "");
                Htmlstring = Htmlstring.Replace(";", "");
                Htmlstring = Htmlstring.Replace("*/", "");
                Htmlstring = Htmlstring.Replace("\r\n", "");
                Htmlstring = Htmlstring.Replace("'", "’");
                Htmlstring = HttpContext.Current.Server.HtmlEncode(Htmlstring).Trim();

                return Htmlstring;
            }

        }


    }


}
